From b15661de47693aef78d96e2c9d67ae907e3ffed9 Mon Sep 17 00:00:00 2001
From: Thierry Vignaud
Date: Thu, 23 Dec 2004 18:17:32 +0000
Subject: (secured_output) introduce it
---
 MDK/Common/File.pm | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'MDK/Common/File.pm')
diff --git a/MDK/Common/File.pm b/MDK/Common/File.pm
index 86fb98b..5df7b4f 100644
--- a/MDK/Common/File.pm
+++ b/MDK/Common/File.pm
@@ -38,6 +38,11 @@ array context it returns the lines
 creates a file and outputs the list (if the file exists, it is clobbered)
+=item secured_output(FILENAME, LIST)
+
+likes output() but prevents insecured usage (it dies if somebody try
+to exploit the race window between unlink() and creat())
+
 =item append_to_file(FILENAME, LIST)
 add the LIST at the end of the file
@@ -136,6 +141,8 @@ sub output_with_perm { my ($f, $perm, @l) = @_; mkdir_p(dirname($f)); output($f,
 sub linkf { unlink $_[1]; link $_[0], $_[1] }
 sub symlinkf { unlink $_[1]; symlink $_[0], $_[1] }
 sub renamef { unlink $_[1]; rename $_[0], $_[1] }
+use Fcntl;
+sub secured_output { my $f = shift; unlink($f); sysopen(my $F, $f, O_CREAT|O_EXCL|O_RDWR) or die "secure output in file $f failed: $! $@\n"; print $F $_ foreach @_; 1 }
 sub mkdir_p {
-- 
cgit v1.2.1
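Review bot: In the added `secured_output`, `sysopen` is called without a PERMS argument, so the file is created as 0666 masked by the umask and will usually be readable by other users. If callers write anything sensitive through it, pass an explicit mode and drop the unneeded read access: `sysopen(my $F, $f, O_CREAT|O_EXCL|O_WRONLY, 0600)`. The `print` results and the implicit close of `$F` are also unchecked, so a full disk or I/O error leaves a truncated file while the sub still returns 1; `print $F @_ or die "write to $f failed: $!\n"; close $F or die "close $f failed: $!\n";` would make it fail closed. `$@` in the die message is unrelated to `sysopen` and can print a stale eval error, so `$!` alone is enough. The unchecked `unlink` is acceptable here, since a failed removal surfaces as EEXIST from the `O_EXCL` create; a short comment saying so would help the next reader.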